Articles in this section

Fine Tuning User Management

Teams provide a very broad way to assign authorities. If a Team grants the Consumer authority, say, it grants that authority over everything in the project. That means all content is readable by anyone on the team. While this is useful in a number of cases, it is also too broad a stroke for more complex scenarios.

In a more complex scenario where you wish to limit read access for specific types of content to specific users. To do this, you start by modifying your Teams so they no longer do that broad sweep:

1. Click on a Team (such as the Project Users Team).2. Click on Properties.3. Click the check box for "Manage Node permissions independently".4. Click on Save.

By doing that, any users on the Project Users Team will no longer automatically inherit the Consumer right against content inside of the project. To see this, you can click on Properties. A "Revoke Consumer from Node" policy is added to the team which tells Cloud CMS not to propagate the Consumer role from the Team to any Nodes in the project. You can adjust this to filter out any other Roles you don't want to propagate.

Once you've done that, you'll need to grant rights to content explicitly using either Folders or Content Type Definitions.

Using Folders, you can grant the Consumer right to the Root Folder of your folder tree and all child folders and nodes contained within nested folders will inherit that Consumer right. Similarly, you can prescribe the Consumer right to some folders but not others.

Using Content Type Definitions, you can grant a Custom Role (you'll have to create the role) to a user against a Definition which grants the READ_WITH_DEFINITION permission. This permission indicates that the user should have read rights over any content of that type. As noted, you'll have to create a custom role that grants the permission and then grant to a user against the Definition.